BlogIt!

[theguy0000]

Okay, no problem.. but don't be surprised if I want to fiddle with it a bit when I have nothing else to script..

thanks, and no problem feel free to contribute anytime...

[theguy0000]

Now allows custom post title in the demo, but I'm not releasing another version until I have more features...

[theguy0000]

Post title limited to 60 characters. Thanks whoever that was!

[sandman]

Post title limited to 60 characters. Thanks whoever that was!

[Dhilip89]

The demo link really cool.

[jvanegmond]

You were redirected again...

Edit: I'll make this more secure if you like to...

Edited May 9, 2007 by Manadar

[sandman]

You were redirected again...

Edit: I'll make this more secure if you like to...

What's 'unauthorized'?

[jvanegmond]

What's 'unauthorized'?

Just an idea we were playing around with..

[McGod]

Ok all Javascript, HTML anything with tags is nulled.

$entry = StringReplace($newentry, "<", "&lt;")
    $entry = StringReplace($entry, ">", "&gt;")

Took a note from IPB. You can type <script> </script> and it will look exactly like that, because Instead of < in the source it's &lt; which generates <

[McGod]

Ok, I placed

<script LANGUAGE="Javascript">

alert("Hey");

</SCRIPT>

java script:alert("Hey");

<script type="text/javascript">

alert("Hey");

</script>

<body onload="java script:alert("Hey");">Hey</body>

<a href="java script:alert("Hey");">Hey</a>

<div align="right">Hey</div>

<table>

<td>

<tr>

Hey

</tr>

</td>

</table>

<LINK REL=StyleSheet HREF="stylesheet.css" TITLE="Main">

<iframe

src ="/default.asp"

width="100%">

</iframe>

<title>

Hey

</title>

In a blog and nothing worked

[jvanegmond]

Ok, I placed

In a blog and nothing worked

You have to be smarter then that to execute some code on the blog..

[theguy0000]

Ok all Javascript, HTML anything with tags is nulled.

$entry = StringReplace($newentry, "<", "&lt;")
    $entry = StringReplace($entry, ">", "&gt;")

Took a note from IPB. You can type &lt;script> </script> and it will look exactly like that, because Instead of < in the source it's &lt; which generates <

...........

but then it doesn't allow the tags I want, like I have it programmed now...

[theguy0000]

hey Manadar, how did you get the script tags in there...its supposed to strip those out.

[theguy0000]

I just tested it, I can confirm that it strips <script> tags...how did you get around it?

[theguy0000]

oh :"> I see

[theguy0000]

now strips tags from the title, too. All tags. None are allowed in the title.

[jvanegmond]

You should have known better then that.

Currently, I'm totally out of ideas on how to redirect you now..

[theguy0000]

You should have known better then that.

Currently, I'm totally out of ideas on how to redirect you now..

i know lol

ok, thats good

why do you keep posting useless stuff? (ANC and ABC?)

[theguy0000]

no longer allows posts with less than 3 characters, not including whitespace

[spyrorocks]

I have been away from the forums here for a while, so I never got a chance to exploit-test this...

I left a little message on the blog itself (http://blog.theguy0000.com/). Sorry for bringing up old threads, but it does still contain security issues.